I have a virus infection I can't get rid of. I've tried everything possible. My Avast security software 2013 can't detect it, so I tried scanning with aswMBR.exe, which shuts down every time it scans wdnissvc. It says "The instructions at 0x7767e793 referenced memory at 0x00c4ffff. The memory could not be read. Click OK to terminate the program". A memory scan detects no memory problems, however. The virus blocks Microsoft updates and denies me access to System Restore and System Volume Information.
How do you know you have a virus if it is not detected?
Attach an OTL diagnostic log. http://forum.avast.com/index.php?topic=53253.0
Here is the OTL scan.
Malware experts are notified and will check the log… it may take some time before they arrive.
Hi,
Please run these tools:
Please download Farbar Recovery Scan Tool by Farbar and save it to your desktop.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them.
Only one of them will run on your system; that will be the right version.
* Double-click to run it. When the tool opens, click Yes to the disclaimer.
* Under Optional Scan, ensure “List BCD” and “Driver MD5” are ticked.
* Press the Scan button.
* It will make a log (FRST.txt) in the same directory the tool is run from. Please attach it to your reply.
* The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
THEN…
Please download GMER, the AntiRootkit tool from the link below and save it to your Desktop:
Gmer download link
Note: the file will be randomly named.
Double-click to run GMER.
* Wait for the initial scan to finish - if there is any query, click No;
* Click the [ Scan ] button and wait until the full scan is complete;
* Click [ Save … ] - save the report to the Desktop (named ARK);
* Click the >>> button and select the Autostart card;
* Click the [ Scan ] button;
* After the quick scan, click the Copy button;
* Open Notepad and paste the text. Save the report to the Desktop (named autostart).
Attach both GMER log reports here (ARK.txt and autostart.txt).
Farbar isn’t compatible with Windows 8, but the other software worked and here is the result.
Hi, FRST is compatible with Windows 8 and with the .1 update. Please retry, or download a fresh FRST64 and try to run it again.
Please note that you need to run the version compatible with your system. Your system is an x64-based system. FRST64 is the right version.